Politics and the Recent NHS Cyber Attack


I haven’t paid a lot of attention to the recent NHS cyber attack in the news, where the PCs in many businesses worldwide, including many NHS sites, were shut down by the WannaCry ransomware. What has got my attention is the sheer amount of rubbish being spoken in the media, not helped by the fact that it’s election time. Lack of investment, whose fault it was, etc. etc.

What is Ransomware?

My understanding of this type of virus is that it is likely to be a “Trojan”, which has come from the internet, most likely by an email attachment from an untrustworthy source. The attachment contains an executable that silently installs itself on the PC, ready for the time it is set to become active – a timebomb if you like. The idea is to infect as many PCs as possible before it is activated, to increase the chances that some people who have not backed up their PCs will pay the ransom, so the activation time might be set to months in the future. It may also have come from an untrustworthy website that a user has browsed, but I personally think email attachments are much more likely.

What makes things worse is that anti-virus programs will not detect this until the anti-virus vendors are aware of the specific virus and can issue an update to the anti-virus software (some anti-virus programs keep track of programs that are allowed to access the internet; I’m not sure if this would have helped in this case, because WannaCry may not have needed to access the internet once it was installed). Another problem is that once one PC in a network is infected, it might be possible, depending on the virus and also other network settings, to infect all the PCs in the network.

Is it Really Down to a Lack of Investment?

Taking the NHS as an example, what can this so-called lack of investment pay for, if it was provided? As related previously, I’m not sure that having the most up-to-date anti-virus would save you in this case, although obviously it is a good idea generally to have an anti-virus program and keep everything up to date (only one anti-virus program though; having many on the same PC is a duplication of effort and can slow down the PC excessively). While you can always argue that extra computer staff would be better, I don’t think that is the solution either. Not having enough money is an easy excuse; at some point you have to think about what the problem actually is and what you can actually do about it.

How to Protect your Business from Cyber Attacks

What is really needed in my opinion are two things and they need not be that expensive because the same concepts could be applied to the whole of the NHS (for example):

  1. Decent email security via the NHS email servers – this scans for viruses before the email is delivered to the individual PC. I don’t have a package I could recommend, but I do know it’s possible. I personally have used the 1 and 1 email system for my personal and business emails for years, and it’s a very good system. There is very little spam, and very few mistakes made in terms of stopping non-spam from reaching my inbox.
  2. A decent webfilter – a webfilter is a software package that is installed on a network server and which stops users from browsing websites that are not related to the business use of the computers concerned, e.g. news, travel, and especially, messaging and email. Allowing users to browse the internet on work PCs is not only a source of interruption or distraction and a potential time waster for the business concerned (just stopping Facebook would probably halve the distraction, but I digress); if email websites are allowed to be accessed, it also bypasses any email security that the business has set on its email servers, because the attachments on personal emails can also be used to infect PCs in this way, which massively increases the chances of the network being infected.

How to Protect your Home Computer from Cyber Attacks

  • Keep your anti-virus software up to date
  • Turn on automatic updates on your computer
  • Use the best mail server possible with the best anti-spam
  • Do not open attachments or click links on emails that could be spam
  • Turn on the Windows Firewall on all PCs in your network, to help prevent contamination from other PCs.

These points are especially important if you have children accessing the internet in your household. You could consider activating parental controls in your internet router if it has this feature (I personally had two networks at home when I had children at home, because I worked at home and didn’t want my work network being infected from some of the rubbish websites that teenagers look at).

Conclusion

Why have so many PCs been infected worldwide? Well, as related, it can only take one attachment opened by mistake in the past six months by one person to infect an entire network. Many users are not that computer savvy; despite all the warnings they will still do it, particularly if the email looks half genuine.

If the solution is as simple as I’ve suggested, why hasn’t it been done in the NHS? It’s like anything where many people are concerned; just getting it agreed, I think, will be the problem in many cases. If the managers use the internet themselves to do their shopping, book their holidays etc., they are unlikely to agree to buying a package that stops them from doing that and, worse, can report on internet usage and actually discipline staff for misuse of the company internet access. I wouldn’t be surprised if the attitude was “I work hard, I’m entitled to a bit of free internet time”. Personally I think not having a decent webfilter is a big problem, with the number of interruptions or opportunities to access Facebook rather than do any work seriously affecting productivity in many cases, but that’s another subject.

About Phil

I have been working as a software developer since 1983. This blog could have been called "From Fortran 77, C and Cobol to C# in 20 (not so) easy years", but it doesn't sound quite right somehow. Besides I'm talking about what's happened since 2003, not before!
